STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide

V-259002

CAT II (Medium)

The vCenter STS service host-manager webapp must be removed.

Rule ID

SV-259002r934664_rule

STIG

VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000381

Discussion

Tomcat provides host management functionality through either a default host-manager webapp or through local editing of the configuration files. The host-manager webapp files must be deleted, and administration must be performed through the local editing of the configuration files.

Check Content

At the command prompt, run the following command:

# ls -l /var/opt/apache-tomcat/webapps/host-manager

If the manager folder exists or contains any content, this is a finding.

Fix Text

At the command prompt, run the following command:

# rm -rf /var/opt/apache-tomcat/webapps/host-manager